K3Ahttps://k3a.me
Personal WebsiteSun, 18 Nov 2018 19:10:41 +0000en-UShourly1https://wordpress.org/?v=4.9.9Running x86_64/amd64 executables on PPC64le IBM Power 9 Gentoohttps://k3a.me/running-x86_64-amd64-executables-on-ppc64le-ibm-power-9-gentoo/
https://k3a.me/running-x86_64-amd64-executables-on-ppc64le-ibm-power-9-gentoo/#respondSun, 23 Sep 2018 15:23:51 +0000https://k3a.me/?p=662Running android-studio on a Talos II ppc64 machine requires the aapt2 binary. That is currently only a part of the x86_64 build-tools, so I had to learn a way to run x86_64 executables on ppc64 cpu. The first option is full emulation (emulating x86_64 kernel and apps), the other is QEMU’s user mode translation (emulating […]

]]>Running android-studio on a Talos II ppc64 machine requires the aapt2 binary. That is currently only a part of the x86_64 build-tools, so I had to learn a way to run x86_64 executables on ppc64 cpu. The first option is full emulation (emulating x86_64 kernel and apps), the other is QEMU’s user mode translation (emulating only user-mode, translating syscalls to a running ppc64 kernel). Let’s have a quick look at the QEMU user-mode translation.

It is described and demoed (under chroot though) in short at Raptor’s website. I don’t have enough time to describe every single step so this article contains just a couple of hints which I missed when I was attempting to do this.

I have a Gentoo ppc64le system compiled fully from source. I made it using Catalyst on x86 and various profile dirty hacks, then copied to Talos HDD – I don’t remember exact steps but I can tell you it took approximately 4 days to figure out and it is possible to achieve (for the compilation of amdgpu support and gnome or other graphical stuff you should reserve couple more days and be prepared to manually modify a few ebuilds).

Once you have a working Gentoo ppc64 installation, the next step is to get an x86_64 cross-dev environment if you don’t have it already from Catalyst preparation. It will create a directory /usr/x86_64-multilib-linux-gnu/ and it is made by cross-x86_64-multilib-linux-gnu/glibc and similar ebuilds.

Then we need QEMU with proper targets (add this to make.conf and emerge qemu):

QEMU_USER_TARGETS="x86_64"

To allow running x86_64 apps like any other app, binfmt_misc (CONFIG_BINFMT_MISC) needs to be enabled in the kernel and x86_64 ELF definition loaded. Either look at /etc/init.d/qemu-binfmt (Open-RC) or add this file /etc/binfmt.d/qemu-x86_64.conf and enable systemd-binfmt service (for systemd):

This will allow running x86_64 binaries directly using qemu-x86_64 automatically.

But unless you use chroot, it still won’t work because of a missing ld linker and libraries. Using strace you can see that it tries to load libraries under various paths. It searches for a linker at /lib64/ld-linux-x86-64.so.2 so we have to make a symlink there. For other libraries it tries /lib64/x86_64 and /usr/lib64/x86_64 which are perfect candidates for symlinking. The only remaining path is gcc libs, we can’t add them to /etc/ld.so.conf.d where your ppc64 GCC LDPATH is, so we have to make symlinks for individual files. In other words you want to do something like this:

After that, x86 binaries should auto-magically work just like any other binary, without using an explicit chroot.

You may come across a problem that an executable fails to load libraries despite you see that the x86_64 library is found. All you see is mmap fail with errno EFAULT and errors like “error while loading shared libraries” or “failed to map segment from shared object”. That is because your kernel is not compiled with 4k page size! In kernel menuconfig, it is under “Kernel config” -> “Page size” (CONFIG_PPC_4K_PAGES=y). It has to be 4k, because it is x86_64 standard page size.

]]>https://k3a.me/running-x86_64-amd64-executables-on-ppc64le-ibm-power-9-gentoo/feed/0Missing Android manualhttps://k3a.me/missing-android-manual/
https://k3a.me/missing-android-manual/#respondSun, 11 Mar 2018 18:27:47 +0000http://k3a.me/?p=648We all got Android devices without a proper manual so here are some basics I have learned over time… It was taken from my internal notes so it’s not very pretty but I decided to share it so it can help more people. Basic Paths /system – system partition with read-only system /data – data […]

]]>It is actually quite easy to boot Windows virtualized using KVM. But to properly use the UEFI bootloader, suitable QEMU arguments are required. Here is a lightly commented QEMU command I use to boot virtual Windows 10 I have on a separate partition.

For now I use sudo, because QEMU needs to access raw partitions from /dev/sdb. The other, better way would be assigning a group to /dev/sdb, setting up proper group permissions and adding me to that group.

-m 2048 -smp 3 says to allocate 2GB of RAM for the guest and use 3 CPU cores

-drive file=/usr/share/ovmf/x64/OVMF_CODE.fd,if=pflash,format=raw,unit=0,readonly=on This is a very important part. It loads OVMF UEFI firmware read-only as the first Flash device. This firmware implements a UEFI bios and allows running UEFI Shell or booting .efi bootloader for Windows (bootmgfw.efi). This OVMF can be downloaded directly from the OVMF project repo or if you are using Arch Linux, just install ovmf package.

-drive file=$HOME/.config/qemu-windows.nvram,if=pflash,format=raw,unit=1 this loads a read-write NVRam flash image as the second virtual flash chip. OVMF firmware uses this to store UEFI variables, .efi boot order, etc. The default image can be copied from the OVMF setup (at /usr/share/ovmf/x64/OVMF_VARS.fd in ovmf Arch linux package). It must be a writable copy.

-drive file=/dev/sdb,index=0,media=disk,driver=raw Attaches my raw sdb block device to the virtual machine. That is used as a HDD for the guest, it has Windows pre-installed there together with EFI partition.

-cdrom /opt/UefiShell.iso UEFI shell iso as a CDROM. Before OVMF nvram is properly configured to boot Windows by default, this will result in booting into the EFI shell which allows to run .efi executables manually. Windows can be run by just navigating into the EFI partition and running the Windows efi loader – blkX:\EFI\Microsoft\Boot\bootmgfw.efi.

I don’t know how to force Windows to write UEFI boot order. There doesn’t seem to be a tool like efibootmgr on Windows. :D Windows would set the UEFI boot order up randomly during some Windows Updates (mostly when you don’t want it to touch your EFI setup). It eventually set the EFI config up for me itself quite quickly. But if it fails, you can try pressing ESC during TianoCore EFI boot to get to boot menu. Or you can always boot Linux using the -cdrom command and use efibootmgr to force the OVMF to boot the Windows loader entry for this virtual machine by default. Usage of the efibootmgr command is out of scope of this article and can be found in many online resources elsewhere.

Have fun with virtualized Windows and remember – Windows is good for games only and for stuff like government PDFs which use proprietary Adobe XFA forms and are therefore supported in official Adobe Reader which has the best support in this lousy platform only. Windows definitely shouldn’t be used on servers or anything serious! By default it is very limited (maximum number or RAM, maximum number of CPU cores, maximum number of listening socket connections, etc) until you pay huge amounts of money to Microsoft. Wise people use Linux and lazy people who don’t care about privacy or freedom use Mac OS X.

]]>https://k3a.me/boot-windows-partition-virtually-kvm-uefi/feed/8RC5 device addressees and commands are partly “standardized”https://k3a.me/rc5-device-addressees-commands-partly-standardized/
https://k3a.me/rc5-device-addressees-commands-partly-standardized/#respondMon, 05 Mar 2018 17:50:21 +0000http://k3a.me/?p=631During my attempt to program an Atmel micro-controller to act as a remote controller sending RC5 commands, the original remote suddenly stopped sending the correct Standby code to the device and I noticed device ID part of the RC5 frame has changed from 0x10 into 0x11. I accidentally switched the original remote to a mode […]

]]>During my attempt to program an Atmel micro-controller to act as a remote controller sending RC5 commands, the original remote suddenly stopped sending the correct Standby code to the device and I noticed device ID part of the RC5 frame has changed from 0x10 into 0x11. I accidentally switched the original remote to a mode for a different type of appliance! I realized that after I found a nice PDF from Freescale semiconductor showing a table with common device IDs and command IDs.

It is interesting to know these IDs are at least partly “standardized”. This PDF can be found here and maybe it will help someone else too. I don’t like linking to remote content as it can be moved or deleted easily – especially in this case – I couldn’t find this PDF on the official Freescale site.

So then I found out how to switch the original remote into the proper device mode again. :P

Example RC5 sending code for Atmega328P

If you are into coding a RC5 remote, you can use my work-in-progress code for Atmel Atmega328p as a starting point. RC5 sending code is partly based on Arduino IR library. I found out exact meaning of the timer setup bits, commented it more, added explicit device ID and command ID and RC5x support.

PB5 is used for debug LED output (Arduino Nano uses it for internal LED too), PB1 is PWM output for IR LED and PD2 is used as an external interrupt input to wake the device up from sleep mode (connecting it to low level wakes the device up). The command codes are for Marantz SR series btw…

]]>https://k3a.me/rc5-device-addressees-commands-partly-standardized/feed/0Telegram emoji list with codes and descriptionshttps://k3a.me/telegram-emoji-list-codes-descriptions/
https://k3a.me/telegram-emoji-list-codes-descriptions/#respondThu, 01 Feb 2018 22:46:55 +0000http://k3a.me/?p=603After almost 2 years of using Telegram, I finally discovered that it is possible to enter emoji using its name after “:” character. Unfortunately I couldn’t find any complete list of available emojis anywhere, so I had to dig deep into the Telegram desktop source code to generate it. It was far more complicated than […]

]]>After almost 2 years of using Telegram, I finally discovered that it is possible to enter emoji using its name after “:” character. Unfortunately I couldn’t find any complete list of available emojis anywhere, so I had to dig deep into the Telegram desktop source code to generate it.

It was far more complicated than I hoped. I expected it would take 30 minutes but instead, it took me almost whole day!

Telegram emoji is based on Apple Color Emoji font embedded in iOS and Mac OS X which Apple allows to use outside Apple platforms. This ttf/ttc font is quite big (~50MB) so Telegram developers decided not to use the font directly but generate an image atlas in webp format instead. This generation is part of their “codegen” step and I had to compile the “codegen_emoji” generator which is based on Qt5. It took some time to understand the code and find a place to put logging there.

]]>https://k3a.me/telegram-emoji-list-codes-descriptions/feed/0Samsung printer problem on GNU/Linux (printing black pages)https://k3a.me/samsung-printer-problem-gnulinux-printing-black-pages/
https://k3a.me/samsung-printer-problem-gnulinux-printing-black-pages/#commentsTue, 22 Aug 2017 17:30:05 +0000http://k3a.me/?p=590I’ve been using Samsung ML-2160 printer on Gentoo Linux for some time without problems but then I connected it to a box running Arch Linux and I some problems came up. It was printing almost completely black pages (with a few narrow white strips). I installed samsung-unified-driver-printer from AUR first and thought the problem is in […]

]]>I’ve been using Samsung ML-2160 printer on Gentoo Linux for some time without problems but then I connected it to a box running Arch Linux and I some problems came up. It was printing almost completely black pages (with a few narrow white strips).

I installed samsung-unified-driver-printer from AUR first and thought the problem is in the packaging but the same problem appeared when installed unsing official install script.

From the CUPS error log it was clear that rastertospl crashes and despite the crash, CUPS sends the rastertospl output to the printer.

A stack trace points to the gnutls/libasm1 and the bug appears to occur at the end of the program execution when the program tries to do a cleanup. I suspect that a memory bug ocurrs sooner in the execution, also damaging some of the internal gnutls structures.

These error messages are all glibc memory operation checks which can be disabled by MALLOC_CHECK_=0 env variable but disabling them doesn’t help in any way – CUPS apparently sends the filter output to the printer despite filter being abort()’d by this check.

A crash happened for me only when “Edge Control=On” AND “Toner Save=Off”. When I turned the Edge control “Off”, I could enable/disable the toner save and it wouldn’t crash anymore. BTW “edge control” probably doesn’t refer to the page edges; it probably controls how edges of black elements (characters) are rendered and there appears to be a minimal difference so keeping it Off is not a big deal.

So if your Samsung is printing black pages on GNU/Linux, try disabling “Edge Control” and send complains to Samsung about their buggy rastertospl.

During my thoubleshooting, I found out that rastertospl is able to output more debugging messages. It didn’t help to solve this problem but in case anyone is interested, to enable verbose log, create a file “/tmp/rastertospl.lcf” with content LOG_LEVEL=9 and the next time the rastertospl is executed, it will output a more verbose log into “/tmp/rastertospl.log”.

]]>https://k3a.me/cz-proc-je-facebook-messenger-spatny/feed/2Referer sending options in Firefoxhttps://k3a.me/referer-sending-options-firefox/
https://k3a.me/referer-sending-options-firefox/#respondThu, 16 Mar 2017 20:40:42 +0000http://k3a.me/?p=531Sending Referer header to the target site after every click on a link is basically revealing URL of the referring site. Several sites mention it as a potential privacy concern but as far as I know there is no UI option in common browsers. Firefox since 28 added “hidden” options for this. This option can […]

]]>Sending Referer header to the target site after every click on a link is basically revealing URL of the referring site. Several sites mention it as a potential privacy concern but as far as I know there is no UI option in common browsers. Firefox since 28 added “hidden” options for this.

This option can be set in Firefox’s about:config page. You can enter it by typing about:config in the address bar and confirming the alert.

]]>https://k3a.me/referer-sending-options-firefox/feed/0Tips for making a new password and how passwords workhttps://k3a.me/tips-for-making-a-new-password-and-how-passwords-work/
https://k3a.me/tips-for-making-a-new-password-and-how-passwords-work/#respondSat, 22 Oct 2016 16:16:55 +0000http://k3a.me/?p=308From what I have seen, many people use weak passwords. But it’s actually easy to make them strong. Let’s see. First, do you know how passwords are stored on the servers? There are two main principles: The first one is just storing it in the database as-is. It’s called plain-text format. That one is bad, because […]

]]>From what I have seen, many people use weak passwords. But it’s actually easy to make them strong. Let’s see.

First, do you know how passwords are stored on the servers? There are two main principles:

The first one is just storing it in the database as-is. It’s called plain-text format. That one is bad, because if someone reads the database (a hacker, server administrator, etc) – they can just see the password and can try to log in as you in a different service (unfortunately some people use the same password for several services). You can sometimes guess this type of storage if the service gives you some “maximum” restrictions. For example “maximum length of the password is 8 characters” or “You can use only alphanumerical characters and digits in your password”.

Second one is using a cryptographic hash (checksum). There are several algorithms for computing hashes from plain-text input. You give that function a plain-text and it returns a big number (hash). The returned hash is always the same for the same input. But knowing the hash only, it’s difficult to find the input it was generated for. In the database on the server, we just store that big number (hash) so when someone gets access to the database, they don’t have the plain-text passwords directly. There are a few methods of “breaking the hash” – one of them is using brute force – trying random inputs until the same hash is returned (that takes lots of time) or cryptanalysis. Different hash algorithms have different strength – some are better, others are weak. Sometimes a combination of algorithms is used to make the output computation more time-consuming and secure.

Here are my general suggestions for making your new password:

Use the first or last character of words in some easily-rememberable sentence. Example password “ildaced” from the sentence “I like drinking a coffee every day”.

Revert characters in words. Some passwords can be cracked using a dictionary of words. If you just reverse characters in a word, you will basically create a new word which won’t be in the dictionary. An example password tsrifeeffoc made from “first coffee”.

Use non-usual characters in the password. Characters like $!() etc are not used in bruteforce cracking normally.

Use different passwords for different services. It may be enough to just modify a character or two for each service. An example: fblackcat for Facebook.

Use a completely random password. This works but is difficult to remember. You may use an app wallet like KeePass or mSecure to store passwords but if someone gets access to your wallet, they will get all passwords immediately. To generate a random password, you can use this linux/mac terminal command: head -c 8 /dev/random | base64 | tr -d =

]]>https://k3a.me/tips-for-making-a-new-password-and-how-passwords-work/feed/0Setting up IPv6 using a DHCP clienthttps://k3a.me/setting-up-ipv6-using-a-dhcp-client/
https://k3a.me/setting-up-ipv6-using-a-dhcp-client/#commentsFri, 21 Oct 2016 14:46:39 +0000http://k3a.me/?p=481Our ISP (internet service provider) finally started offering IPv6. On the server, I received static configuration. Here, they are using DHCP6 with prefix delegation and it isn’t as straightforward as one would expect. There are probably three most commonly used DHCPv6 clients for Linux – dhcpcd, dibbler and WIDE-DHCPv6. Although I compiled WIDE-DHCPv6 by fixing some compilation issues, […]

]]>Our ISP (internet service provider) finally started offering IPv6. On the server, I received static configuration. Here, they are using DHCP6 with prefix delegation and it isn’t as straightforward as one would expect.

There are probably three most commonly used DHCPv6 clients for Linux – dhcpcd, dibbler and WIDE-DHCPv6. Although I compiled WIDE-DHCPv6 by fixing some compilation issues, I decided not to use it just because it is not actively maintained. So first I tried dhcpcd and immediately faced a problem.

Please note that I am describing IPv6-only configurations here. Of course you can extend them to ipv4 by reading the manual(s).
Also note that enp0s1 is the external facing interface (the one which connects to the ISP) and br0 is my internal bridge with LAN and WLAN interface for my local clients.

dhcpcd

Yes, dhcpcd supports DHCPv6. It is not very well documented with working examples, though. You can make a configuration like this:

The problem is, my ISP won’t give me prefix delegation for IAID of 2 for some unknown reason. DHCP server is responding “Sorry, no prefixes could be allocated at this time”. Setting IAID to 1 for both ia_na and ia_pd is prohibited by RFC so dhcpcd complains with “option type mismatch” and sets IAID of first 4 bytes of br0 MAC for IA_PD and the same problem occurs.

The solution is, surprisingly, to set IA_NA IAID to 0 and IA_PD IAID to 1. This was not mentioned anywhere and manuals always showed IAIDs of 1. So the correct setting for dhdpcd for me would be: